Artificial intelligence tools such as OpenAI’s ChatGPT will create more problems, bugs, and attack vectors if utilized to write smart contracts and build cryptocurrency projects, says CertiK’s chief security officer, Kang Li.
During Korean Blockchain Week, Kang Li explained that ChatGPT lacks the ability to detect logical code bugs that experienced developers can easily notice.
According to Kang Li, using ChatGPT to write smart contracts may result in more bugs, which could be catastrophic for beginners or inexperienced coders.
“ChatGPT will enable a bunch of people that have never had all this training to jump in, they can start right now and I start to worry about morphological design problems buried in there.”
Kang Li further added, “You write something and ChatGPT helps you build it but because of all these design flaws, it may fail miserably when attackers start coming.”
Instead of using ChatGPT as the primary coding tool, Kang Li believes it should be used as an assistant for engineers, as it is better at explaining what a line of code means.
“I think ChatGPT is a great helpful tool for people doing code analysis and reverse engineering. It’s definitely a good assistant, and it’ll improve our efficiency tremendously.”
Kang Li emphasized that it should not be relied upon for writing code, especially for those who are inexperienced and looking to build monetizable projects.
He mentioned that he would stand by his assertions for the next two to three years, acknowledging the rapid advancements in AI that may enhance ChatGPT’s capabilities.
AI tech getting better at social engineering exploits
Richard Ma, the co-founder and CEO of Web3 security firm Quantstamp, stated that AI tools are becoming more successful at social engineering attacks, some of which are indistinguishable from those attempted by humans.
Clients of Quantstamp are reporting an increasing number of sophisticated social engineering attempts.
“[With] the recent ones, it looks like people have been using machine learning to write emails and messages. It’s a lot more convincing than the social engineering attempts from a couple of years ago.”
Richard Ma believes that we are approaching a point where it will be difficult to differentiate between AI-generated and human-generated malicious messages.
He mentioned that crypto industry experts are already being targeted, while others are being impersonated by AI bots. Richard Ma believes that the situation will only worsen.
“In crypto, there’s a lot of databases with all the contact information for the key people from each project. So the hackers have access to that [and] they have an AI that can basically try to message people in different ways.”
Better anti-phishing software is expected to enter the market to aid companies in mitigating potential attacks.
Related: Twitter Hack: ‘Social Engineering Attack’ on Employee Admin Panels
Magazine: AI Eye: Apple developing pocket AI, deep fake music deal, hypnotizing GPT-4
The Korean Blockchain Week crowd gathering for a keynote. Source: Andrew Fenton/Coinpostman
